InfoSec Compliance & Assurance Lead - Banking

Xenon Seven · Cairo, Egypt · Posted 2026-06-03

Location: Cairo, Egypt (100% On-Premise)
Contract Duration: 6 Months (Extendable)
Employment Type: Contract

About us:
Where elite tech talent meets world-class opportunities! At Xenon7, we work with leading enterprises and innovative startups on exciting, cutting-edge projects that leverage the latest technologies across various domains of IT including Data, Web, Infrastructure, AI, and many others. Our expertise in IT solutions development and on-demand resources allows us to partner with clients on transformative initiatives, driving innovation and business growth. Whether it's empowering global organizations or collaborating with trailblazing startups, we are committed to delivering advanced, impactful solutions that meet today's most complex challenges.

About the Client:
Join one of Egypt's premier financial institutions, renowned for its extensive suite of banking services, including Institutional Banking, Personal Banking, and Islamic Banking. With a global presence through over 50 branches and correspondents, we serve a diverse and dynamic clientele. As we embark on a groundbreaking digital transformation journey, we are committed to leveraging the latest technologies to establish a state-of-the-art data architecture that will redefine our performance and service delivery.

Job Summary:
This role exists to accelerate the information security compliance posture across IT and Digital Transformation. The specialist acts as the InfoSec function's technical compliance arm—tracking, evidencing, and reporting on remediation progress against CBE Cybersecurity Framework requirements, PCI DSS obligations, and internal control commitments. The role also leads and executes assurance exercises, either directly or by scoping and managing third-party security assessment engagements.

Key Responsibilities:

IT & Digital Transformation Compliance Follow-Up
- Maintain a live compliance tracker across all active CBE Cybersecurity Framework control domains (IAM, PAM, GRC, Container Security, and others).
- Conduct regular technical walk-throughs with IT and Digital Transformation teams to validate implementation status and close evidence gaps.
- Escalate risks and blockers to the Head of GRC and CISO with clear risk-quantified language suitable for Risk Committee reporting.
- Map remediation actions to OKR key results and track delivery against agreed timelines.
- Prepare compliance status reports in a format suitable for senior management and regulatory audiences.

PCI DSS Engagement Lead
- Own the end-to-end PCI DSS engagement cycle — scoping, gap assessment, remediation tracking, QSA coordination, and Report on Compliance (RoC) or Self-Assessment Questionnaire (SAQ) readiness.
- Coordinate across IT, Operations, and Digital to ensure cardholder data environment (CDE) controls are implemented, evidenced, and maintained.
- Manage the relationship with the appointed Qualified Security Assessor (QSA) and act as the internal point of contact throughout the assessment cycle.
- Drive closure of PCI DSS findings and build a compensating controls register where technical controls are not yet feasible.
- Maintain the PCI DSS documentation library, including network diagrams, data flow diagrams, asset inventory, and policies relevant to the CDE.

InfoSec Assurance Exercises
- Plan and execute assurance activities including control testing, configuration reviews, access reviews, and policy compliance spot checks.
- Scope, procure, and manage third-party security assessment vendors where specialized assessment capability is required (e.g., penetration testing, red team exercises, cloud security reviews).
- Produce clear assurance reports with risk-rated findings, business impact statements, and prioritized remediation recommendations.
- Track finding remediation to closure and validate the effectiveness of corrective actions.
- Coordinate with the InfoSec Control Validation Manager to align assurance outputs with the broader control validation programme.

Requirements:
- Minimum 7 years of information security experience, with at least 3 years in a banking or financial institution.
- Hands-on PCI DSS experience — must have participated in or led at least one full RoC or SAQ-D assessment cycle.
- Deep knowledge of CBE Cybersecurity Framework requirements and the Egyptian regulatory context.
- Experience conducting technical compliance gap assessments across IT infrastructure, network, and application layers.
- Strong written and verbal communication skills in both Arabic and English.

Preferred Certifications:
- CISA — Certified Information Systems Auditor
- PCIP or PCI ISA — PCI Internal Security Assessor
- ISO 27001 Lead Auditor
- CISM — Certified Information Security Manager

Preferred Experience:
- Prior experience in an Egyptian bank or financial institution operating under CBE oversight.
- Familiarity with GRC tooling (RSA Archer, ServiceNow GRC, or equivalent).
- Experience working with external auditors, QSAs, and regulators.

Benefits:
- Attractive, market-leading salary package.
- Clear career advancement path with professional development opportunities.
